Description

source: http://www.securityfocus.com/bid/5784/info
When multiple Procurve switches are used interconnected, it is common for an administrator to enable a feature allowing each switch to be viewed through a single interface, accessible via the web.
It has been reported that HP Procurve Switches are vulnerable to a denial of service attack, when used in a "stack" configuration. It is possible for an attacker to reset member switches by issuing a device reset command to a vulnerable device. Vulnerable devices do not require authentication before accepting this command.
It should be noted that the web interface is not enabled by default.
http://&lt;IP ADDRESS&gt;/sw2/cgi/device_reset?

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2018

Protected by

{"id": "EDB-ID:21828", "hash": "97c93815bcd41eba49fe654fc690ee10", "type": "exploitdb", "bulletinFamily": "exploit", "title": "HP Procurve 4000M Switch Device Reset Denial of Service Vulnerability", "description": "HP Procurve 4000M Switch Device Reset Denial Of Service Vulnerability. CVE-2002-1147. Dos exploit for hardware platform", "published": "2002-09-24T00:00:00", "modified": "2002-09-24T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/21828/", "reporter": "Brook Powers", "references": [], "cvelist": ["CVE-2002-1147"], "lastseen": "2016-02-02T17:22:17", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/21828/", "sourceData": "source: http://www.securityfocus.com/bid/5784/info\r\n\r\nWhen multiple Procurve switches are used interconnected, it is common for an administrator to enable a feature allowing each switch to be viewed through a single interface, accessible via the web.\r\n\r\nIt has been reported that HP Procurve Switches are vulnerable to a denial of service attack, when used in a \"stack\" configuration. It is possible for an attacker to reset member switches by issuing a device reset command to a vulnerable device. Vulnerable devices do not require authentication before accepting this command.\r\n\r\nIt should be noted that the web interface is not enabled by default.\r\n\r\nhttp://<IP ADDRESS>/sw2/cgi/device_reset?", "osvdbidlist": ["10861"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}